Introduction to Nmap

Network Mapper (Nmap) is the industry-standard tool for network discovery and security auditing. It uses raw packets to identify hosts, open ports, running services, OS versions, and firewall configurations.

Key Use Cases

Network auditing and mapping.

Simulating penetration tests.

Checking Firewall/IDS configurations.

Vulnerability assessment.

Core Capabilities

Nmap divides its scanning into five main techniques:

Host Discovery: Finding live hosts.

Port Scanning: Finding open ports.

Service Enumeration: Determining application versions.

OS Detection: Identifying the operating system.

Scriptable Interaction: Using the Nmap Scripting Engine (NSE).

💻 Syntax & Techniques

Basic Syntax

nmap <scan types> <options> <target>

Common Scan Flags

Flag	Description
-sS	TCP SYN Scan. Default & most popular. Fast and "stealthy."
-sT	TCP Connect Scan. Completes full 3-way handshake (noisier).
-sU	UDP Scan. Scans for open UDP ports.
-sI	Idle Scan. Uses a zombie host to scan blindly.
-O	OS Detection. Identifies IP protocol.

🔬 Deep Dive: TCP SYN Scan (sS)

This scan is efficient because it performs a half-open scan. It sends a SYN packet but never completes the TCP 3-way handshake, making it faster and harder to log.

How Nmap Interprets Responses:

Target sends SYN-ACK: Port is Open. (Nmap immediately sends RST to drop connection).

Target sends RST: Port is Closed.

No Response: Port is Filtered (Firewall dropped the packet).

Example

sudo nmap -sS localhost
Starting Nmap 7.80 ( https://nmap.org ) at 2020-06-11 22:50 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000010s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
5432/tcp open  postgresql
5901/tcp open  vnc-1

Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds

PORT	STATE	SERVICE
22/tcp	open	ssh
80/tcp	open	http
443/tcp	filtered	https

PORT: The port number and protocol (e.g., 22/tcp).

STATE: open, closed, or filtered.

SERVICE: The service name (e.g., ssh, http).